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Claims 

1. Method for forming an encrypted message containing 
communication configuration data, 

• in which an Internet-based authentication method is 
executed by using at least one service from a unit in a 
security layer or link control layer between a first 
communication unit and a second communication unit, so 
that at least one pair of cryptographic keys is formed for 
the first communication unit and for the second 
communication unit, 

• in which the communication configuration data of the first 
communication unit is encrypted using at least one 
cryptographic key of the at least one pair of 
cryptographic keys, thus forming the encrypted message. 

2. Method according to claim 1, 

in which the Internet-based authentication method is based on 
an extensible authentication protocol method. 

3. Method according to claim 1 or 2, 

in which the communication configuration data is transmitted 
from the first communication unit to the second communication 
unit by using electronic messages according to the Internet- 
based authentication method. 

4. Method according to one of the claims 1 to 3, 

in which the communication configuration data is transmitted 
from the first communication unit to the second communication 
unit by using electronic messages according to one of the 
following Internet-based authentication methods: 

• protected extensible authentication protocol method, 

• extensible authentication protocol tunneled TLS 



PCT/EP2004/051153 / 2003P08757WOUS 

27 



authentication protocol method, or 

• protocol for carrying authentication for network access 
method . 

5. Method according to one of the claims 1 to 4, 

in which the first communication unit is a communication unit 

of a communication network element. 



6. Method according to claim 5, 

in which the first communication unit is a communication unit 
of a communication network element in a mobile radio 
communication network. 



7. Method according to one of the claims 1 to 6, 

in which the second communication unit is a communication 
terminal . 

9 

8. Method according to claim 7, 

in which the second communication unit is a mobile radio 
communication terminal . 



9. Method according to one of the claims 1 to 8, 
in which the communication configuration data is encoded 
according to a protocol format of a protocol for configuring 
a communication terminal. 



10. Method according to claim 9, 

in which the communication configuration data is encoded 
according to a protocol format of a protocol for dynamically 
configuring a communication terminal. 



11. Method according to claim 10, 

in which the communication configuration data is encoded 
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according to a dynamic host configuration protocol for 
dynamically configuring a communication terminal. 

12. Method for encrypting an encrypted message containing 
communication configuration data, 

• in which an Internet-based authentication method is 

* 

executed by using at least one service from a unit in a 
security layer or link control layer between a first 
communication unit and a second communication unit, so that 
at least one pair of cryptographic keys is formed for the 
first communication unit and for the second communication 
unit, 

• in which communication configuration data of the second 
communication unit is determined by using at least one 
cryptographic key of the at least one pair of cryptographic 
keys to decrypt the encrypted message containing the 
communication configuration data. 

13. Device for forming an encrypted message, said encrypted 
message containing communication configuration data, 

• having a key generation unit which is able to execute an 
Internet-based authentication method by using at least one 
service from a unit in a security layer between a first 
communication unit and a second communication unit, so that 
at least one pair of cryptographic keys is formed for the 
first communication unit and for the second communication 
unit, 

• having an encryption unit which is able to encrypt the 
communication configuration data by using at least one 
cryptographic key of the at least one pair of cryptographic 
keys, thus forming the encrypted message. 



14. Device for encrypting an encrypted message, said encrypted 



r 
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message containing communication configuration data, 

• having a key generation unit which is able to execute an 
Internet-based authentication method by using at least one 
service from a unit in a security layer between a first 
communication unit and a second communication unit, so that 
at least one pair of cryptographic keys is formed for the 
first communication unit and for the second communication 
unit, 

• having a decryption unit which is able to decrypt the 
communication configuration data of the second 
communication unit by using at least one cryptographic 
key of the at least one pair of cryptographic keys in 
decrypting the encrypted message containing said 
communication configuration data. 



